Another problem with cvtres.exe

Hello, I have been using CIS for several months on several different pc’s. I have one customer that runs a tax preparation sotware on her laptop. CIS has been installed on this laptop since last December. Just last week, she started having a problem where she runs a diagnostic within the Tax software (Taxwise 2008) that generates a listing of potential problems, missed info ,etc with the tax return she is working on. The tax software apparantly uses Dot.Net Framework 2.x and runs a program cvtres.exe as part of this process. Normally this process takes about 5 to 10 seconds to run. Since last week, the cvtres.exe program starts using up 95% to 99% of the CPU constantly and never stops. She has to terminate the cvtres.exe from the task manager and her diagnostic never finishes. After doing much searching I found severl instances of this same problem within the Comodo forums, however, the references here seem to be fairly old (from last year).

I made sure that CIS was updated and running the most recent version (which it was). I uninstalled CIS and had no problems running the diagnostic. I reinstalled CIS and the problem occurred. I used the Firewall “Define a New trusted app” to add the cvtres.exe and that did not solve the problem. Under Defense + I added the file and the entire folder Microsoft.net under Windows to the “My own safe files” list. That did not work. I unistalled CIS again and everything works fine. I ran windows update and made sure that the laptop had all the latest Dot.Net updates for framework 2.x and any other updates. She is running Windows XP sp2. I checked the last update for her tax software and it was more than two weeks ago. She has processed many returns and run the diagnostic between the last update and last week without any probelms so I’m confident that the tax software is not the problem.

As I mentioned above, everything has been working fine up until last week. Not sure what to try here. I would like to continue to use CIS but can’t with this problem. Any idea’s what to try to fix this problem?

I do have Safe surf installed, but noticed that did not uninstall when I uninstalled CIS - why?

Hello and welcome, icoso.
I guess the reason is shellcode injection protection, which i guess is turned on by default under defense+/advanced/image execution control level (cannot tell exactly as i’m running Linux).
Simplest way which should work 4 u is to add cvtres.exe and/or some other connected .NET processes in exclusion list (under “exclusions” dialog of shellcode injection protection).

If you won’t succeed with ^that^ workaround you may also try to disable shellcode injection protection completely. In this case you’ll still benefit from Comodo’s protection but it will be limited (without buffer overflow prevention).
OR you can rename guard32.dll under \system32 folder. I used this “hack” and it worked fine 4 me without noticable decrease in protection capabilities of defense+. However, keep in mind this “hack” is most likely discouraged by Comodo and internal diagnostics of CIS will complain in this case.

…Btw, shellcode injection protection (if it is turned on), bundled in defense+ makes safesurf of no value. You can uninstall safesurf safely if you use inner shellcode injection protection.

Since Safesurf was not uninstalled when I uninstalled CIS, how do I get rid of safesurf completely?

Find SafeSurf under add/remove programs (control panel applet) and uninstall it.

I’ve been having trouble with cvtres.exe too, I’ll try SS26 exclusion rule then CMF exclusion, if this fails I’ll try uninstalling CMF.

I workaround it by uninstalling CIS 3.11.x, but left CMF installed.

Regards.

You should uninstall CMF as it is now a part of CIS.

What? since when? I really don’t like to miss these COMODO announcements, I’m glad :comodojiggy: I’m gonna look for the announcement now O0

It was incorporated way back in version 3.8…